CVE-2007-0608 - OpenCVE

Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact None

Availability Impact None

AV:N/AC:M/Au:N/C:C/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Advanced Guestbook	Advanced Guestbook

Configuration 1 [-]

cpe:2.3:a:advanced_guestbook:advanced_guestbook:2.4.2:*:*:*:*:*:*:*

References

Link	Resource
http://osvdb.org/34362
http://secunia.com/advisories/25153	Vendor Advisory
http://securityreason.com/securityalert/2661
http://www.netvigilance.com/advisory0011	Vendor Advisory
http://www.osvdb.org/33876
http://www.osvdb.org/33878
http://www.osvdb.org/33879
http://www.securityfocus.com/archive/1/467940/100/0/threaded
http://www.vupen.com/english/advisories/2007/1726
https://exchange.xforce.ibmcloud.com/vulnerabilities/34161

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2007-05-09T17:00:00

Updated: 2018-10-16T14:57:01

Reserved: 2007-01-30T00:00:00

Link: CVE-2007-0608

JSON object: View

NVD Information

Status : Modified

Published: 2007-05-09T17:19:00.000

Modified: 2018-10-16T16:33:36.387

Link: CVE-2007-0608

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-05-07T00:00:00", "descriptions": [{"lang": "en", "value": "Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "33879", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/33879"}, {"name": "20070507 Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/467940/100/0/threaded"}, {"tags": ["x_refsource_MISC"], "url": "http://www.netvigilance.com/advisory0011"}, {"name": "advanced-multiple-script-info-disclosure(34161)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34161"}, {"name": "2661", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/2661"}, {"name": "ADV-2007-1726", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2007/1726"}, {"name": "33878", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/33878"}, {"name": "34362", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/34362"}, {"name": "33876", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/33876"}, {"name": "25153", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/25153"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-0608", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "33879", "refsource": "OSVDB", "url": "http://www.osvdb.org/33879"}, {"name": "20070507 Advanced Guestbook version 2.4.2 Multiple Error Information Leak Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/467940/100/0/threaded"}, {"name": "http://www.netvigilance.com/advisory0011", "refsource": "MISC", "url": "http://www.netvigilance.com/advisory0011"}, {"name": "advanced-multiple-script-info-disclosure(34161)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34161"}, {"name": "2661", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/2661"}, {"name": "ADV-2007-1726", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2007/1726"}, {"name": "33878", "refsource": "OSVDB", "url": "http://www.osvdb.org/33878"}, {"name": "34362", "refsource": "OSVDB", "url": "http://osvdb.org/34362"}, {"name": "33876", "refsource": "OSVDB", "url": "http://www.osvdb.org/33876"}, {"name": "25153", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/25153"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-0608", "datePublished": "2007-05-09T17:00:00", "dateReserved": "2007-01-30T00:00:00", "dateUpdated": "2018-10-16T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:advanced_guestbook:advanced_guestbook:2.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "6F527A81-0115-4540-A4C3-E94E582B9434", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path."}, {"lang": "es", "value": "Advanced Guestbook 2.4.2 permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un par\u00e1metro inv\u00e1lido (1) GB_TBL en (a) lang/codes-english.php o (b) image.php,lo cual revela el nombre de la base de datos; (2) un par\u00e1metro inv\u00e1lido GB_DB en index.php, unido con una cookie lang../index, el cual revela la ruta de instalaci\u00f3n; o (3) un respuesta directa en index.php sin par\u00e1metros ni cookies, lo cual revela la ruta de instalaci\u00f3n."}], "evaluatorImpact": "Successful exploitation requires that \"register_globals\" is enabled.", "id": "CVE-2007-0608", "lastModified": "2018-10-16T16:33:36.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 7.1, "confidentialityImpact": "COMPLETE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-05-09T17:19:00.000", "references": [{"source": "cve@mitre.org", "url": "http://osvdb.org/34362"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/25153"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/2661"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.netvigilance.com/advisory0011"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/33876"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/33878"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/33879"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/467940/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2007/1726"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34161"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}